We need to store some keys in a secure fashion without increasing the complexity of the solution. After seeing the solution in #2980072, which I think is OK, I propose another way based on hash_salt as an encryption key. The hash salt is used as a secure key for one-time links, hashing passwords, etc., and can be protected by not storing it in settings.php.

We can see in the default settings.php that:

/**
 * Salt for one-time login links, cancel links, form tokens, etc.
 *
 * This variable will be set to a random value by the installer. All one-time
 * login links will be invalidated if the value is changed. Note that if your
 * site is deployed on a cluster of web servers, you must ensure that this
 * variable has the same value on each server.
 *
 * For enhanced security, you may set this variable to the contents of a file
 * outside your document root; you should also ensure that this file is not
 * stored with backups of your database.
 *
 * Example:
 * @code
 *   $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
 * @endcode
 */
$settings['hash_salt'] = 'aaaaaa';

I think that if hash_salt is compromised, the whole system is lost. So we can rely on it to secure data, because Drupal already treats it as a secure point.

Comments

psf_ created an issue. See original summary.

psf_’s picture

Issue summary: View changes
psf_’s picture

This patch requires the PHP openssl module to be enabled. Do I need to add it to composer.json as a requirement?

The encryption method used is 'aes-256-cbc'.

psf_’s picture

Status: Active » Needs review

Status: Needs review » Needs work

The last submitted patch, 3: secure_configuration_key_provider_3028014_3.patch, failed testing.

psf_’s picture

Status: new, File size: 4.29 KB
psf_’s picture

Status: Needs work » Needs review

Status: Needs review » Needs work

The last submitted patch, 6: secure_configuration_key_provider_3028014_5.patch, failed testing.

psf_’s picture

Status: Needs work » Needs review
Status: new, File size: 4.26 KB

Now? :_ D

psf_’s picture

Issue summary: View changes
manuel garcia’s picture

I'm not entirely sure this is a safe thing to do, my concerns:

  1. The hash salt was designed to be changeable, and is used for one-time login links and cancel links, form tokens, etc.
  2. If the salt is changed, you could end up with data you can't decrypt.
psf_’s picture

Yes and yes :D

1.- It's used to protect user passwords too; if you change it, all your users will lose their passwords.
2.- The salt is your castle key; if you lose it, you lose everything. (It's an exaggeration.)

I think that the information stored in the "key" module must not be unique; it must be recoverable through other channels too. I see this as credential storage for server-to-server connections, for example. With the correct user alert about this, it may be a good solution.

psf_’s picture

I created a new module with this functionality: Fuzzy Config Key Provider.

imclean’s picture

#12

  1. No. It is not used to encrypt stored passwords. We have different hash salts on different environments for the same website with no problems.
  2. Also not true. If you lose it somehow you can just set a new one.
rlhawk’s picture

Status: Needs review » Closed (won't fix)

Closing this, since a separate module now provides the requested functionality.
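
The salt-rotation concern raised in this thread, shown as an added example that is not the code from the patch. The HKDF key derivation, the HMAC, the function names and the sample values are assumptions; the thread only states that the cipher is aes-256-cbc and that the key is based on hash_salt.

```php
<?php
// Added illustration; not the code from the patch in this issue.
// Assumption: keys are derived from $settings['hash_salt'] with HKDF; the
// thread only states that the cipher is aes-256-cbc.
const CIPHER = 'aes-256-cbc';

function derive_keys(string $hash_salt): array {
  // Separate keys for encryption and for authentication.
  return [
    hash_hkdf('sha256', $hash_salt, 32, 'example-enc'),
    hash_hkdf('sha256', $hash_salt, 32, 'example-mac'),
  ];
}

function encrypt_value(string $plaintext, string $hash_salt): string {
  [$enc_key, $mac_key] = derive_keys($hash_salt);
  $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
  $ct = openssl_encrypt($plaintext, CIPHER, $enc_key, OPENSSL_RAW_DATA, $iv);
  if ($ct === FALSE) {
    throw new RuntimeException('Encryption failed.');
  }
  // CBC is unauthenticated, so append an HMAC over IV and ciphertext.
  $mac = hash_hmac('sha256', $iv . $ct, $mac_key, TRUE);
  return base64_encode($iv . $ct . $mac);
}

function decrypt_value(string $stored, string $hash_salt): ?string {
  [$enc_key, $mac_key] = derive_keys($hash_salt);
  $raw = base64_decode($stored, TRUE);
  $iv_len = openssl_cipher_iv_length(CIPHER);
  if ($raw === FALSE || strlen($raw) < $iv_len + 16 + 32) {
    return NULL;
  }
  $iv = substr($raw, 0, $iv_len);
  $mac = substr($raw, -32);
  $ct = substr($raw, $iv_len, -32);
  // Reject before decrypting if the salt changed or the data was altered.
  if (!hash_equals(hash_hmac('sha256', $iv . $ct, $mac_key, TRUE), $mac)) {
    return NULL;
  }
  $pt = openssl_decrypt($ct, CIPHER, $enc_key, OPENSSL_RAW_DATA, $iv);
  return $pt === FALSE ? NULL : $pt;
}

// Constructed sample values.
$stored = encrypt_value('api-token-123', 'old-salt-value');
var_dump(decrypt_value($stored, 'old-salt-value')); // same salt
var_dump(decrypt_value($stored, 'new-salt-value')); // rotated salt
```

With the rotated salt, decrypt_value() returns NULL, so any value stored this way has to be supplied again after hash_salt changes.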